IBM Support

IT33239: Reduction of default transfer limit for GCM cipherSpecs to 2^24.5 TLS records

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Based on recommendations from MQ's cryptographic function
    provider (GSKit), the default data transfer limit for
    Galois/Counter Mode (GCM) cipherspecs is reduced to 2^24.5
    TLS
    records.
    
    The recommended limit of 2^24.5 TLS records is determined by
    the IETF CFRG, and is specified in RFC 8446 5.5.
    

Local fix

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    Users of MQ who are using a cipherspec which uses a GCM
    algorithm for data integrity.
    
    All such cipherspecs have the string _GCM_ within the cipherspec
    name, for example TLS_RSA_WITH_AES_128_GCM_SHA256.
    
    A full list of cipherspecs supported by MQ, and the data
    integrity algorithm used by each cipherspec, can be found in the
    product Knowledge Center under the "Enabling cipherspecs" topic:
    
    https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.1.0/com.
    ibm.mq.sec.doc/q014260_.htm
    
    
    Platforms affected:
    MultiPlatform
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    It was previously recommended by MQ's cryptographic provider
    (GSKit) that a transfer limit of 2^32 TLS records using the
    same session key be applied to TLS connections using a GCM
    algorithm, based on NIST recommendation 800-38D. This
    recommendation was implemented by MQ.
    
    Following additional clarification in RFC 8446 5.5, this advice
    has been updated to recommend a reduction of the limit to
    2^24.5 TLS records using the same session key.
    

Problem conclusion

  • MQ has implemented the recommendation, and by default TLS
    connections using a GCM cipherspec will terminate when the
    transfer limit of 2^24.5 TLS records using the same session
    key is reached.
    
    Any such termination will be reported in the error log with
    error code AMQ9288.
    
    The 2^24.5 transfer limit means 23 726 566 TLS records using
    the same session key. As each TLS record has a maximum size of
    16KB, this presents a theoretical data limit of 379 625 056 KB,
    approximately 362 GB. The amount of data transferred may be
    lower, as not all TLS records exchanged on the connection may be
    at full capacity.
    
    Customers wishing to use GCM cipherspecs should consider use of
    the SSLRKEYC attribute to enforce a session key reset once a set
    amount of data has been transferred. As the limit applies to
    records with the same session key, resetting the session key
    before reaching the limit allows the connection to continue
    indefinitely.
    
    Alternatively, setting the environment variable
    GSK_ENFORCE_GCM_RESTRICTION=GSK_FALSE in the environment used to
    start the queue manager remains valid to disable the reduced
    transfer limit.
    
    
    Note that this change does not affect MQ on IBM i. On IBM i, the
    GSKit configuration is maintained at the system level and should
    be configured as described in the IBM i system administration
    guidance.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v9.0 LTS   9.0.0.11
    v9.1 LTS   9.1.0.6
    
    The latest available maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037
    
    If the maintenance level is not yet available information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT33239

  • Reported component name

    IBM MQ BASE M/P

  • Reported component ID

    5724H7261

  • Reported release

    900

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-06-17

  • Closed date

    2020-07-10

  • Last modified date

    2020-07-20

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    IBM MQ BASE M/P

  • Fixed component ID

    5724H7261

Applicable component levels

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
21 July 2020